April fool's day? Was Re: [governance] APC Statement as IGF II closes

Suresh Ramasubramanian suresh at hserus.net
Thu Nov 15 10:37:23 EST 2007


Meryem Marzouki wrote:

> Is APC also seriously proposing same thing for harmul content? i.e. a

To some extent, this is expressed in the Council of Europe's Convention of
Cybercrime, with an additional protocol concerning criminalization fo acts
of a racist and xenophobic nature committed through computer systems.

Not all countries are party to this of course - the USA, while a signatory
to the Convention on Cybercrime, has specifically opted out of signing this
additional protocol.

What Karen touches on goes a bit deeper

1.  Law enforcement, and ISP / email providers in the USA (which is
generally the case) are going to be answerable to US law – not to Indian law
or various other countries’ laws, especially as their servers are physically
located in the USA.

2. Long arm legislation or enforcement is a fantasy.  

3. What is a reality is well defined mechanisms for cooperation between
different LE agencies, and policies at ISPs (most of which are good at
responsible enforcement).

For law enforcement people that are investigating cybercrime related stuff
like hacking, espionage, as well as things like threat to life situations
(ransom notes sent by kidnappers, stalking etc), they can easily use MLATs,
conventions like the CoE convention etc to get very quick action indeed.
There's even a 24x7 POC provided for (extending the G8 network that provided
for this)

What will NOT get the same kind of quick action is content related cases.
For example from Thailand reporting a blog that has an insulting photo of
their king on it (a recent real case). Or something from India where an
orkut page that calls a famous historical figure a coward [so that a hindu
right wing + regional political party that idolizes the man, call him a
local hero both for fighting against the Mughals, who happened to be Muslim,
and for being as famous as anybody from their state is ever going to get,
decides to go around smashing up cybercafés, calling for orkut to be banned
etc].

Such content is not easy or feasible for US law enforcement to prosecute due
to first amendment free speech protections, unless the free speech is of the
sort that is defined as “shouting fire in a crowded theater” – or more
precisely, speech that incites imminent lawless action (such as incitement
to riot, etc) – a test for free speech expressed by the US Supreme Court in
1969, in Brandenburg vs Ohio.   Note:  if the content really DOES have the
risk that it will cause a riot, explaining that might be one way to proceed.

At the most, in cases where the content is not illegal in the USA, they can
forward the complaint to the provider.   After which it becomes a question
of 

1.	Whether the provider deems the content contrary to the terms of use
of their service, and takes action on it

a.	Providers need to have mature processes in place.   Most large
providers do.  Some don’t and will learn – but the way they will learn is
not really by having law enforcement go after them for prosecuting the
exercise of (quite possibly silly, or even hateful) free speech.  e&oe the
imminent lawless action exception of course, or that other limit to free
speech (not infringing on others privacy).

b. Providers wont learn either if the law doesn’t have safe harbor for
providers, and do something silly (like the Indian police who arrested the
CEO of eBay India because someone was selling a pornographic MMS video) -
something that attracted quite high level US attention as the arrested man
was a US citizen, CEO of the Indian subsidiary of a US corporation etc etc.
The publicity hound police officer who arrested that man even went and
called a press conference to boast about it - something he is apparently
regretting now..

c. Case in point where providers don’t have mature processes in place and
courts / law enforcement are quite justified in going after them - Google is
in hot water in Brazil, with the Brazilian head of Google facing criminal
contempt charges in court – for their inaction in allowing Orkut to be
overrun with child abuse and similar content.  See an article in the WSJ a
few weeks back about this.
http://online.wsj.com/public/article/SB119273558149563775-6_LyeLHpy85P7ZUe7r
yt_g_bfMI_20081018.html

d. That is mainly, as I said, because Orkut, with lots of Brazilian users,
has got itself a huge infestation of pages with explicit child porn, racist
content, violations of privacy (hidden cam nude photos of a Brazilian
actress some years back), etc – and their Google Ads program was doing
assorted silly things like putting pet store ads in a page dedicated to
sadists who like photos of animals being stabbed to death - so running into
Brazil's advertising standards body guidelines

e.  In that specific case, Google did not, in my opinion, have mature or
adequate processes in place to handle abuse issues.   They do have quite
good ideas on privacy – and are vocal on this in forums including APEC.
Doesn’t change the fact that their abuse handling procedures either were
grossly inadequate, or slipped up (or both) in this case.

---
OR
---

2. Whether the country complaining –has the pull required to pressure the
ISP into disgorging data.

a.	Technically - and in fact - a company incorporated in a particular
country, managed / owned / staffed by that country's citizens, is subject to
that country's laws. In the case of an international company, the situation
gets more complex, with local subsidiaries subject to the local country's
laws.

b. Disgorging content that is not locally hosted by that subsidiary still
doesn’t usually work that easily, especially in free speech cases.  In fact,
any results are *not* likely unless that country is an autocratic government
with a market that is seen as a yet largely untapped, massive source of
revenue. 

b.	The consequence of a subsidiary in that country disgorging data due
to a subpoena from that country’s government can be quite embarrassing
(being hauled up in front of a senate subcommittee among other things, as
recent headlines show).
 
Interesting questions to consider, in the light of Karen's remarks.

	srs

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance



More information about the Governance mailing list